[Virus Alert] 2 new worms found
Worm name: BKDR_DUMADOR.BW
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This backdoor arrives as a file downloaded from the Internet by another malware.
It opens and listens on three specific ports through Internet Explorer's process, IEXPLORE.EXE. Once a connection is made, it allows a remote malicious user to issue commands, which it executes on the affected system; this effectively compromises system security by giving the remote user control of the affected machine. Note also that upon connection, this backdoor sends a notification packet to the URL www.ambre{BLOCKED}rp.com/home.php, probably to inform the remote user that a target machine has been infected.
It also monitors the affected user's Internet activities to steal information such as user names and passwords of email accounts. The information it gathers may be saved for later retrieval by a remote user, who may in turn use it to access the affected user's accounts.
Furthermore, this backdoor prevents the affected user from accessing certain Web sites that are mostly related to antivirus and security applications. The said action helps prevent its immediate detection and consequent removal from the affected system.
Worm name: WORM_ATOMICKS.A
Risk rating: HIGH
Damage Potential: HIGH
Distribution Potential: HIGH
Description:
This worm searches for files in the root folder of an affected system's hard drive and floppy drive, usually C:\ and A:\ respectively. It then deletes the existing files in those locations and replaces them with copies of itself.
It uses the file names of the deleted files with the extension EXE appended. This routine allows the worm to propagate via floppy disks, and it may also delete important files.
This worm sends messages to all users in the network of the affected system using the net send command.
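The replacement routine above leaves a recognisable trace on a drive root: several files whose names keep their original extension plus an appended .EXE, all with identical content. The following triage check, an added example that is not Trend Micro's code, flags that pattern by grouping double-extension .EXE files in a root folder by content hash; the sample directory it builds is constructed for illustration.

```python
import hashlib
import os
import tempfile
from collections import defaultdict


def sha256_file(path):
    h = hashlib.sha256()
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def find_atomicks_like_copies(root, min_copies=2):
    """Map content hash -> sorted file names for files in `root` that
    (a) end in .EXE, case-insensitively, (b) still carry an earlier
    extension (e.g. budget.xls.EXE) and (c) share identical content
    with at least `min_copies` - 1 other such files. A genuine
    installer such as setup.exe has a single extension and is skipped."""
    groups = defaultdict(list)
    for name in os.listdir(root):
        path = os.path.join(root, name)
        if not os.path.isfile(path):
            continue
        base, ext = os.path.splitext(name)
        if ext.lower() == ".exe" and os.path.splitext(base)[1]:
            groups[sha256_file(path)].append(name)
    return {h: sorted(n) for h, n in groups.items() if len(n) >= min_copies}


def build_sample_root():
    """Constructed stand-in for an infected drive root (not real samples):
    two replaced documents holding the same dummy body, one legitimate
    single-extension executable and one untouched text file."""
    root = tempfile.mkdtemp(prefix="atomicks_demo_")
    worm_body = b"DUMMY-WORM-BODY-FOR-DEMO" * 64  # constructed placeholder bytes
    files = {
        "budget.xls.EXE": worm_body,
        "notes.txt.EXE": worm_body,
        "setup.exe": b"MZ-legitimate-installer-placeholder",
        "readme.txt": b"untouched document",
    }
    for name, data in files.items():
        with open(os.path.join(root, name), "wb") as f:
            f.write(data)
    return root


if __name__ == "__main__":
    for digest, names in find_atomicks_like_copies(build_sample_root()).items():
        print(digest[:16], names)
```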
References: http://www.trendmicro.com/vinfo/ (TrendMicro Virus Security Info)
http://www.trendmicro.com/vinfo/zh-tw/default.asp (Traditional Chinese TrendMicro Virus Security Info)